5.9
CVE-2023-38009
- EPSS 0.06%
- Veröffentlicht 26.01.2025 16:15:30
- Zuletzt bearbeitet 18.08.2025 17:57:33
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
LoginIBM Cognos Analytics Mobile information disclosure
IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.181 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| psirt@us.ibm.com | 4.2 | 0.5 | 3.6 |
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.